<?php
function check_login($total=false){
	require("vars.php");
	if ($total == true){ /*if set to true will restrict page*/
		if (!$_SESSION['user']) header("Location:$auth_login?status=denied");
	}else{  /*else will return true if loggin*/
		if ($_SESSION['user']){return true;}
	}
}

function check_logout(){
	require("vars.php");
	if ($_SESSION['user']) header("Location:$auth_loggedin"); //if already login in go to logged in page
}

function logoutlink($link = true,$text = 'logout', $id = null){ /*customise html attributes in parameters*/
	require("vars.php");
	if ($link == true){
		if ($id ==null) $id = 'login';
		echo "<a href='$auth_login?status=loggedout' id='$id'>$text</a>";
	}else{
		echo "$auth_login?status=loggedout";
	}
}

function login ($submit ='login', $user = 'user', $pass = 'pass') {
    if (!$_POST[$submit]){
        array_walk($_GET, "secureGET");
        // If the user clicks the "Log Out" link.
        if(isset($_GET['status']) && $_GET['status'] == 'loggedout') {
            logout();//logout
            return 4;
        //else if the user is denied
        }else if(isset($_GET['status']) && $_GET['status'] == 'denied') {
            logout(); //to keep it clean in case of errors
            return 5;
        }else check_logout();
    }else if ($_POST[$submit]){
    array_walk($_POST, "securePOST");
    $user = $_POST[$user];
    $pass = $_POST[$pass];

    if ($user && $pass){ //if user and pass is entered

            require("vars.php"); //require MySQL conection settings
            mysql_connect($auth_mysql_server, $auth_mysql_user, $auth_mysql_pass); //connect to MySQL
            mysql_select_db($auth_mysql_db); // select MySQL database
	    
	        $pass = encrypt($pass); // hash password

            $query = mysql_query("SELECT * FROM $auth_mysql_table WHERE user='$user'"); // run query
            $numrows = mysql_num_rows($query);

            if ($numrows == 1){ //check if user exists
                    $row = mysql_fetch_assoc ($query);
                    $dbid = $row[$auth_mysql_id_row];
                    $dbuser = $row[$auth_mysql_user_row];
                    $dbpass = $row[$auth_mysql_pass_row];

                    if ($pass == $dbpass){ // if password is equal to the one in the database start session
                        session_start();
                        //set session vars
                        $_SESSION['user'] = $dbuser;

                        header("Location:$auth_loggedin"); // goto logged in page

                    }
                    else return (3);
            }
            else return (2);

            mysql_close(); // close MySql connection
     }
     else return (1);
}}

function login_log ($log){
	require ("vars.php");
        if($log){
    	    echo "<h4 class='alert'>";
    	    if ($auth_debug == true){
    	        echo "error ";
    	        echo $log;
    	        echo " -debug mode enabled- ";
    	    }else switch ($log){
    	    	case 1:
        	case 2:
        	case 3: echo "You login informaion was incorrect !";
        		break;
        		
        	case 4: echo "You have been logged out <meta http-equiv='refresh' content='2; url=/'";
        		break;
        		
        	case 5: echo "Access Denied !";
        		break;
        }
        echo "</h4>";
    }
}

function logout(){
	session_destroy();
}
function securePOST(&$value, $key)
{
    $_POST[$key] = htmlspecialchars(stripslashes($_POST[$key]));
    $_POST[$key] = str_ireplace("script", "blocked", $_POST[$key]);
    $_POST[$key] = mysql_escape_string($_POST[$key]);
    return $_POST[$key];
}
function secureGET(&$value, $key)
{
    $_GET[$key] = htmlspecialchars(stripslashes($_GET[$key]));
    $_GET[$key] = str_ireplace("script", "blocked", $_GET[$key]);
    $_GET[$key] = mysql_escape_string($_GET[$key]);
    return $_GET[$key];
}
function encrypt($input){
    require('vars.php');
    if ($auth_encrypt == 'md5salt') $input = md5($input.$auth_salt); else $input = hash($auth_encrypt, $input);
    return $input;
}
